Application Security How-To Articles
This category is for articles describing how to perform a specific activity that contributes to application security. For example, "How to test session identifier strength using WebScarab." Articles should be titled with a specific title starting with "How To." Articles can focus in on a specific topic or be an overview article that references lots of smaller steps. Long articles should be broken into a set of smaller steps with an overview article.
The OWASP Guides
There are three different OWASP Guides. They are full of useful information about how to perform application security activities.
- The OWASP Guide to Building Secure Web Applications and Web Services
- This OWASP Guide has hundreds of articles about all the major security issues you'll encounter when designing or building a secure web application or web service.
- The OWASP Testing Guide
- This OWASP Guide has articles specifically about performing security penetration testing on web applications and web services.
- The OWASP Code Review Guide
- This OWASP Guide covers all the same vulnerabilities and security mechanisms as the Testing Guide, but provides guidance on finding the problems in the source code.
OWASP LiveCD Education Project (SpoC 2007)
- OWASP - WebScarab Exploiting Input Validation
- Parameter exploitation and input validation.
- OWASP - LabRat Up and Running on Hard Disk
- Guide to installing OWASP LabRat to your hard disk.
- OWASP - Running WebGoat in LabRat
- Guide to getting WebGoat up and running.
- OWASP - Using JBroFuzzer in LabRat
- Introduction to using JBroFuzzer in LabRat.
- OWASP - WebGoat Introduction to XSS
- Introduction to and working examples of XSS using WebGoat in LabRat.
- OWASP - Building Your Own LabRat ISO
- Guide to building your own custom LabRat ISO distribution.
Other How-To Articles
There are some other How-To articles listed below. Many are stubs that need to be finished.
This category has the following 2 subcategories, out of 2 total.
- ► OWASP Project (133 C, 419 P)
Pages in category "How To"
The following 32 pages are in this category, out of 32 total.
- How to add a new article
- How to add a security log level in log4j
- How to bootstrap the NIST risk management framework with verification activities
- How to bootstrap your SDLC with verification activities
- How to create verification project schedules
- How to modify proxied conversations
- How to perform a security architecture review at Level 1
- How to perform a security architecture review at Level 2
- How to specify verification requirements in contracts
- How to test session identifier strength with WebScarab
- How to Write an Application Code Review Finding
- How to write insecure code
- How to write verifier job requisitions